Line design
A Maryland federal court examines a coverage dispute regarding whether an insured had experienced a covered loss to its computer system following a ransomware attack.
Insurance Insight_390x160

As cyberattacks increase and coverage lawsuits make their way through the judicial system, policyholders have increasingly asked courts to broadly construe policy language to provide coverage for such events. In January 2020, a federal district court in Maryland found that the loss of data and software, as well as impaired functionality of a computer system due to a ransomware attack, qualified as direct physical loss or damage under a businessowners policy.1 It remains to be seen whether the insurer will appeal the novel ruling and if other courts will follow suit.

National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company

At issue in this coverage dispute was whether the insured had experienced “direct physical loss of or damage” to its computer system following a ransomware attack. The insured, National Ink and Stitch, operated an embroidery and screen-printing business that used a computer server to store art and designs for its products, as well as different types of software.

In December 2016, National Ink’s server and network computers were subject to a ransomware attack that blocked the insured’s access to data on the server and most of the software programs. The hacker demanded payment in exchange for releasing the software and data. After receiving payment, however, the hacker refused to release the system and demanded more. National Ink hired a security company to replace the original software and install protective software that resulted in a slower and less efficient system. Despite these efforts, a residual, dormant ransomware virus likely remained in the system. Given the risk of further infection, National Ink purchased an entirely new server and related components.

National Ink brought a claim under its businessowners policy with State Auto Property and Casualty Company for the cost of replacing its computer system. The policy provided coverage for “direct physical loss of or damage to Covered Property . . . caused by or resulting from any Covered Cause of Loss.” The policy also included a Special Form Computer Coverage Endorsement that defined “Covered Property” to include “Electronic Media and Records (Including Software). This endorsement further defined “Electronic Media and Records” as:

(a)   Electronic data processing, recording, or storage media such as films, tapes, discs, drums or cells; and

(b)   Data stored on such media.2

State Auto denied the claim on the basis that National Ink did not experience “direct physical loss” to covered property. State Auto reasoned that National Ink could still operate its computer system and had only lost data, an intangible asset. National Ink argued that: (1) the policy language includes data and computer software as property that may be subject to “direct physical loss,” and (2) the computer system itself was damaged by the loss of functionality.

The district court granted National Ink’s motion for summary judgment, finding that the policy did not limit coverage to “tangible property” and instead “contemplates that data and software are covered and can experience ‘direct physical loss or damage.’”3 Separately, the court rejected State Auto’s argument that the repaired computer system was not damaged because it continued to function, noting that the policy language covers both “physical loss” and “damage to” the software and data. The court concluded that the impaired functionality of the slower and likely still infected computer system was sufficient, by itself, to trigger coverage under the policy.4

Why It Matters

Ransomware attacks are on the rise and increasingly target organizations and municipalities, causing widespread and substantial damage. According to a report from Cybersecurity Ventures, the estimated damage from ransomware attacks was to exceed $11.5 billion in 2019.5  A “Cyber Threat Landscape Report” by Deep Instinct found that the average estimated cost of an attack was $141,000, a substantial increase from the $46,800 average in 2018.6 As reported by the New York Times, the FBI’s Cybersection Chief views ransomware attacks as “one of the most serious cybercriminal problems we face right now.”7

Against this backdrop, policyholders may increasingly seek coverage following ransomware attacks under policies that were not intended to provide such coverage. Depending on the circumstances, insureds may view National Ink as providing a path forward for their claims. It remains to be seen whether State Auto will appeal and if other courts will find the decision compelling and follow suit. The opinion may, however, be limited in its application given the specific language in the policy’s computer coverage endorsement.

Read More

1 National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, No. SAG-18-2138 (D. Md. Jan. 23, 2020).
2 Id. at 2-3.
3 Id. at 5.
4 Id. at 11.
5 CYBERCRIME MAGAZINE, GLOBAL RANSOMWARE DAMAGE COSTS PREDICTED TO HIT $11.5 BILLION BY 2019 (Nov. 14, 2017), available at https://cybersecurityventures.com/ ransomware-damage-report-2017-part-2/
6 DARK READING, RANSOMEWARE DAMAGE HIT $11.5B IN 2019 (Feb. 20, 2020), available at https://www.darkreading.com/attacks-breaches/ransomware-damage-hit-%24115b-in-2019/d/d-id/1337103
7 NEW YORK TIMES, RANSOMEWARE ATTACKS GROW, CRIPPLING CITIES AND BUSINESSES (Feb. 9, 2020), available at https://www.nytimes.com/2020/02/09/technology/ ransomware-attacks.html

Related Attorneys

The Robins Kaplan Insurance Insight

Jump to Page

Robins Kaplan LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek